null pointer dereference in Perl_sv_setpvn at sv.c:4896 #15287
From @geeknik
While fuzzing Perl v5.24.0-RC1-2-gde1d2c7 with American Fuzzy Lop, I discovered that perl -e '$0=$.^=*.=$0=0' causes a null pointer dereference and crash. This crash affects Perl v5.14.2 as well.
Program received signal SIGSEGV, Segmentation fault.
From @Smylers
Brian Carpenter writes:
Smaller case that still yields the crash, without special variables:
perl -e '$x ^= *x = 0'
Also:
But not:
perl -e '$x &= *x = 0'
Smylers
The RT System itself - Status changed from 'new' to 'open'
From @cpansprout
On Fri Apr 22 01:38:07 2016, smylers@stripey.com wrote:
That UNKNOWN is an internal fallback value that should never be seen. I would say this last case is just as buggy. It smells like a stack issue.
--
Father Chrysostomos
From zefram@fysh.org
Brian Carpenter wrote:
This reduces to
perl -e '$z ^= *z=0'
which looks almost exactly like [perl #127934]. That one used *= and
-zefram
From @cpansprout
On Fri Apr 22 08:36:02 2016, zefram@fysh.org wrote:
I am pretty sure these are both stack issues. The *z=0 frees *z{SCALAR} while the latter is on the stack.
$ perl -le 'print $^V'
--
Father Chrysostomos
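The stack issue described in the comment above, as an added toy model in C that is not part of the original ticket and is not Perl's source. The names toy_sv, toy_glob and run_xor_assign are hypothetical, a freed flag stands in for the real free(), and the counted-stack variant is a contrast added here for illustration, not a fix taken from this ticket.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy model, not Perl's real API: a refcounted scalar and a glob slot. */
typedef struct { int refcnt; int freed; long iv; } toy_sv;
typedef struct { toy_sv *scalar; } toy_glob;

static void sv_dec(toy_sv *sv) {
    if (--sv->refcnt == 0) sv->freed = 1;   /* stand-in for free() */
}

/* Models "*x = 0": the glob's SCALAR slot is replaced, old scalar released. */
static void glob_assign(toy_glob *gv, toy_sv *fresh) {
    toy_sv *old = gv->scalar;
    fresh->refcnt++;
    gv->scalar = fresh;
    sv_dec(old);
}

/* Models "$x ^= *x = 0".
 * counted_stack == 0: the stack slot borrows the pointer (no refcount).
 * counted_stack == 1: pushing takes a reference, popping releases it.
 * Returns 1 if the left operand was already freed when the op used it. */
int run_xor_assign(int counted_stack) {
    toy_sv x = { 1, 0, 5 };      /* owned by the glob only */
    toy_sv fresh = { 0, 0, 0 };
    toy_glob gv = { &x };
    toy_sv *stack[1];

    stack[0] = gv.scalar;        /* left operand $x is pushed */
    if (counted_stack) stack[0]->refcnt++;

    glob_assign(&gv, &fresh);    /* right operand runs: *x = 0 */

    int stale = stack[0]->freed; /* the op now looks at its left operand */
    if (counted_stack) sv_dec(stack[0]);
    return stale;
}

int main(void) {
    printf("borrowed stack: stale=%d\n", run_xor_assign(0));
    printf("counted stack:  stale=%d\n", run_xor_assign(1));
    return 0;
}
```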
From @geeknik
I just ran into this issue again while fuzzing v5.25.1-152-g81b22c1.
Migrated from rt.perl.org#127956 (status was 'open')
Searchable as RT127956$